I think the main thing would be to make sure you don't use the same password on more than one website! I had this issue a couple of years ago when one of the hobby sites that I am a member of was hacked.

From that site all they got was my E-mail and the access password for that particular site, but because of my own failures, I had used the very same password there that I had used for my E-mail.... and with a "robo" they signed into my AOL account and sent bogus e-mails from my address to every listing in my top-level contact list.

Fortunately, AOL keeps a copy of every e-mail sent and I was able to follow up immediately with a notice and apology. None of the sub-catagory contact listings were touched, thankfully.

Since then, I keep my paper log book and use different passwords for every website. We don't do online banking or bill payments and my retirement account is setup only to monitor and transfers require online with phone confirmation.

I did have a problem last year with a credit card hack, but that was determined to be unrelated to any activity that we did. Fortunately my wife in insistant on getting receipts for even the most minor of purchases and she logs them immediately. The bank also immediately halts the card and notifies us of anything suspicious (like this particular out-of-town transaction).

Only challenge is that should we decide to take a trip, I need to notify the bank that I am traveling in that area.

Getting hacked on the computer or especially with a credit card, is both embarrassing and highly inconvenient.

CWS

A similar system is required to enter grades at the university.

The "ideal" is three factor authentication, which requires:
1. something you know (e.g. a password)
2. something you have (the RSA dongle)
3. something you are (fingerprint, DNA, etc.)

Systems that use three factor authentication are very difficult to hack.

I think that we need to acknowledge that there are two groups of passwords. Those that are important, banking, email and the like. Then there are all the rest. Does it really matter if someone gets my password to BT3Central? What can they do? Post and make me look stupid? I've already done that. Same with so many sites that require a password. I let my password manager take care of them and only store the user name for the important ones. I'm left with only 10 or so passwords for the rest of them that I have to remember. Even then if someone really wants to log in to my bank account the joke is on them, I don't have any money.


Bill
on the left coast where today it's sunny!

I keep very minimal operating funds in my business and my Paypal accounts. If it gets stolen, they ain't got much. My other accounts have never seen the internet.

I don't think the bulk of CC fraud or identity theft is all done via the internet either. Some of course is, but there are other avenues where it happens too.

I don't keep much cash at home either, but I do have a little more permanent security features there.